- ## app/models/user.rb
require 'digest/sha2'
require 'securerandom'
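class User < ActiveRecord::Base
  # Virtual attribute writer: salts and hashes a plaintext password and stores
  # the results in +password_salt+ and +password_hash+. The plaintext itself
  # is never assigned to a column.
  #
  # The salt is 6 random bytes, Base64-encoded (8 characters). It is drawn
  # from SecureRandom rather than Kernel#rand: rand is a general-purpose PRNG
  # whose output can be predicted, so it must not produce security values.
  #
  # NOTE(review): one pass of SHA-256 is a fast hash and gives little
  # protection against offline guessing if the users table is disclosed. The
  # digest layout is left unchanged here only so existing rows and
  # User.authenticate keep working; plan a migration to a dedicated password
  # hashing function (bcrypt, scrypt or PBKDF2) with a per-user work factor.
  # NOTE(review): 6 bytes of salt is short; widening it depends on the
  # password_salt column size, which is not visible here.
  #
  # @param pass [String] the plaintext password
  # @return [String] the assigned plaintext (Ruby setter semantics)
  def password=(pass)
    salt = [SecureRandom.random_bytes(6)].pack("m").chomp
    self.password_salt = salt
    self.password_hash = Digest::SHA256.hexdigest(pass + salt)
  end
end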
- require 'digest/sha2'
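class User < ActiveRecord::Base
  # NOTE(review): this validation is a read-then-write check and can race
  # under concurrent sign-ups; a unique index on users.username is what
  # actually guarantees uniqueness - confirm the schema has one.
  validates_uniqueness_of :username

  # Verifies a username/password pair against the stored salted SHA-256 digest.
  #
  # The lookup uses a bound parameter ('username = ?'), so the user-supplied
  # name never becomes part of the SQL text.
  #
  # Hardening over a plain `!=` check:
  # * a digest is computed even when no user is found, so response time does
  #   not reveal whether the username exists;
  # * digests are compared without early exit (see digests_match?);
  # * a missing password (nil) is treated as a wrong password instead of
  #   raising NoMethodError.
  #
  # @param username [String] login name as submitted
  # @param password [String, nil] plaintext password as submitted
  # @return [User] the matching user
  # @raise [RuntimeError] "Username or password invalid" for an unknown user
  #   or a wrong password (the same message for both, on purpose)
  def self.authenticate(username, password)
    user = User.find(:first, :conditions => ['username = ?', username])

    salt     = user.blank? ? '' : user.password_salt.to_s
    expected = user.blank? ? '' : user.password_hash.to_s
    supplied = Digest::SHA256.hexdigest(password.to_s + salt)

    if user.blank? || !digests_match?(supplied, expected)
      raise "Username or password invalid"
    end
    user
  end

  # Compares two digest strings byte by byte without stopping at the first
  # difference, so the time taken does not depend on how many leading
  # characters match.
  #
  # @param candidate [String] digest computed from the submitted password
  # @param expected [String] digest stored for the user
  # @return [Boolean] true only when both strings are byte-for-byte equal
  def self.digests_match?(candidate, expected)
    candidate_bytes = candidate.unpack('C*')
    expected_bytes  = expected.unpack('C*')
    return false unless candidate_bytes.size == expected_bytes.size

    difference = 0
    candidate_bytes.each_with_index do |byte, index|
      difference |= byte ^ expected_bytes[index]
    end
    difference.zero?
  end
  private_class_method :digests_match?
end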
- ## app/controllers/welcome_controller.rb
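class WelcomeController < ApplicationController
  # Every action except the sign-in page itself requires a signed-in user.
  # The action name must be a symbol; a bare `signin` here is evaluated as a
  # method call while the class body loads and fails with NameError.
  before_filter :check_authentication, :except => [:signin]

  # GET renders the sign-in form; POST verifies the credentials, starts a
  # fresh session for the authenticated user and redirects to the page that
  # was requested before sign-in.
  def signin
    # Without this guard a plain GET would call User.authenticate with no
    # credentials and raise before the form could ever be rendered.
    return unless request.post?

    begin
      user = User.authenticate(params[:username], params[:password])
    rescue RuntimeError
      # User.authenticate signals failure with a bare RuntimeError.
      # NOTE(review): a dedicated exception class would keep this rescue from
      # also catching unrelated RuntimeErrors raised during the lookup.
      # The username is logged via #inspect so control characters in the
      # submitted value cannot forge log lines; the password is never logged.
      logger.warn("Failed sign-in for #{params[:username].inspect} from #{request.remote_ip}")
      # NOTE(review): the sign-in template shown on this page does not render
      # the flash, so the message is invisible until the view displays it.
      flash.now[:notice] = "Username or password invalid"
      return
    end

    # Keep the pre-login destination; reset_session below discards it.
    intended_action     = session[:intended_action]
    intended_controller = session[:intended_controller]

    # Start a new session at the moment of authentication so that a session
    # id known before login (session fixation) is not the one that ends up
    # authenticated.
    reset_session
    session[:user] = user.id

    # Both values were written by check_authentication from action_name and
    # controller_name, not from request parameters, so the redirect target
    # is not attacker-chosen.
    # NOTE(review): the "index" fallback for a direct visit to the sign-in
    # page assumes this controller has an index action - confirm.
    redirect_to :action => intended_action || "index",
                :controller => intended_controller || controller_name
  end

  private

  # before_filter: sends unauthenticated requests to the sign-in page after
  # remembering which action and controller were asked for. Kept private so
  # it is not routable as an action of its own.
  def check_authentication
    return if session[:user]

    session[:intended_action] = action_name
    session[:intended_controller] = controller_name
    redirect_to :action => "signin"
  end
end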
- ## app/views/welcome/signin.html.erb
- <%# Sign-in page: collects a username and password and submits them to the %>
- <%# "signin" action of the current controller. %>
- <%# NOTE(review): the password travels in the request body, so this page and %>
- <%# its target should only be served over HTTPS - confirm at the deployment. %>
- <html>
- <head>
- <title>Signin for Admin Access</title>
- </head>
- <body>
- <%# start_form_tag/end_form_tag emit the opening and closing form tags. %>
- <%# NOTE(review): no request-forgery token is visible in this form; confirm %>
- <%# the application adds one, otherwise the sign-in request can be forged. %>
- <%= start_form_tag :action => "signin" %>
- <label for="username" >Username:</label>
- <%= text_field_tag "username" %><br />
- <label for="password" >Password:</label>
- <%# password_field_tag renders a masked input; the value is still sent as plain text in the form body. %>
- <%= password_field_tag "password" %><br />
- <%= submit_tag "Sign in" %>
- <%= end_form_tag %>
- <%# NOTE(review): nothing here displays an error or flash message, so a %>
- <%# failed sign-in gives the user no feedback from this template. %>
- </body>
- </html>